back to original credentials #30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'Build & Push: bioconda-utils-build-env-cos7' | |
on: | |
push: | |
branches: | |
- test-push | |
paths: | |
- images/bioconda-utils-build-env-cos7/** | |
- .github/workflows/bioconda-utils-build-env-cos7.yml | |
pull_request: | |
paths: | |
- images/bioconda-utils-build-env-cos7/** | |
- .github/workflows/bioconda-utils-build-env-cos7.yml | |
jobs: | |
build: | |
name: Build & Push | |
runs-on: ubuntu-22.04 | |
env: | |
# The base image is not intended to change often and should be used with | |
# version tags or checksum IDs, but not via "latest". | |
MAJOR_VERSION: 3 | |
MINOR_VERSION: 1 | |
# Used for testing -- set to something like 'tmp-' or 'test-' to prefix | |
# images with this name during testing | |
IMAGE_PREFIX: "tmp-" | |
IMAGE_NAME: bioconda-utils-build-env-cos7 | |
steps: | |
- name: Checkout bioconda-containers | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Checkout bioconda-utils | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
repository: 'bioconda/bioconda-utils' | |
path: 'images/bioconda-utils-build-env-cos7/bioconda-utils' | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
with: | |
platforms: arm64 | |
- name: Build | |
id: build | |
run: | | |
set -xeu | |
image_name='${{ env.IMAGE_PREFIX }}${{ env.IMAGE_NAME }}' | |
image_dir='images/${{ env.IMAGE_NAME }}' | |
tags=' | |
${{ env.MAJOR_VERSION }} | |
${{ env.MAJOR_VERSION }}.${{ env.MINOR_VERSION }} | |
latest | |
' | |
# Adds image and tags to outputs which can be used in later steps. | |
printf %s\\n \ | |
"image_dir=${image_dir}" \ | |
"image_name=${image_name}" \ | |
"tags=$( echo ${tags} )" \ | |
>> $GITHUB_OUTPUT | |
cd 'images/${{ env.IMAGE_NAME }}' | |
# Create manifest (which is considered arch-independent) | |
for tag in ${tags} ; do | |
buildah manifest create "${image_name}:${tag}" | |
done | |
# Due to different nomenclature used by conda-forge and buildah, we | |
# need to map archs to base images. | |
for arch_and_image in \ | |
"amd64=quay.io/condaforge/linux-anvil-cos7-x86_64" \ | |
"arm64=quay.io/condaforge/linux-anvil-aarch64"; | |
do | |
# Unpack archs and base images | |
arch=$(echo $arch_and_image | cut -f1 -d "=") | |
base_image=$(echo $arch_and_image | cut -f2 -d "=") | |
# --iidfile prints the built image ID to the specified file. This is | |
# used so we can refer to the image in later steps. | |
iidfile="$( mktemp )" | |
buildah bud \ | |
--arch="${arch}" \ | |
--iidfile="${iidfile}" \ | |
--build-arg=base_image="$base_image" | |
image_id="$( cat "${iidfile}" )" | |
rm "${iidfile}" | |
# Extract various package info and version info to store as labels | |
container="$( buildah from "${image_id}" )" | |
run() { buildah run "${container}" "${@}" ; } | |
deb_list="$( run cat /.deb.lst | tr '\n' '|' | sed 's/|$//' )" | |
pkg_list="$( run cat /.pkg.lst | tr '\n' '|' | sed 's/|$//' )" | |
glibc="$( run sh -c 'exec "$( find -xdev -name libc.so.6 -print -quit )"' | sed '1!d' )" | |
bash="$( run bash --version | sed '1!d' )" | |
bioconda_utils="$( run sh -c '. /opt/conda/etc/profile.d/conda.sh && conda activate base && bioconda-utils --version' | rev | cut -f1 -d " " | rev )" | |
buildah rm "${container}" | |
# Store package/version info as labels for the image | |
container="$( buildah from "${image_id}" )" | |
buildah config \ | |
--label=glibc="${glibc}" \ | |
--label=bash="${bash}" \ | |
--label=deb-list="${deb_list}" \ | |
--label=pkg-list="${pkg_list}" \ | |
--label=bioconda-utils="${bioconda_utils}" \ | |
"${container}" | |
# Store the new image (now with labels) | |
image_id="$( buildah commit "${container}" )" | |
buildah rm "${container}" | |
# image tag includes arch; then added to manifest which does not include arch | |
for tag in ${tags} ; do | |
buildah tag \ | |
"${image_id}" \ | |
"${image_name}:${tag}-${arch}" | |
buildah manifest add \ | |
"${image_name}:${tag}" \ | |
"${image_id}" | |
done | |
done | |
- name: Test | |
run: | | |
image_name='${{ steps.build.outputs.image_name }}' | |
image_dir='${{ steps.build.outputs.image_dir }}' | |
# Extract image ids from manifest to test. | |
ids="$( | |
for tag in ${{ steps.build.outputs.tags }} ; do | |
buildah manifest inspect "${image}:${tag}" \ | |
| jq -r '.manifests[]|.digest' \ | |
| while read id ; do | |
buildah images --format '{{.ID}}{{.Digest}}' \ | |
| sed -n "s/${id}//p" | |
done | |
done | |
)" | |
# See Dockerfile.test for actual tests run | |
ids="$( printf %s "${ids}" | sort -u )" | |
for id in ${ids} ; do | |
podman history "${id}" | |
buildah bud \ | |
--build-arg=base="${id}" \ | |
--file=Dockerfile.test \ | |
"${image_dir}" | |
done | |
buildah rmi --prune || true | |
- name: Check Tags | |
run: | | |
# FIX upstream: Quay.io does not support immutable images currently. | |
# => Try to use the REST API to check for duplicate tags and exit if they exist | |
response="$( | |
curl -sL \ | |
'https://quay.io/api/v1/repository/bioconda/${{ steps.build.outputs.image_name }}/tag/' | |
)" | |
# This might be the first time making this image (e.g., will likely | |
# happen when using a test prefix), in which case there will be no | |
# available images. | |
if [ "$(echo "${response}" | jq -r '.error_message')" == "Requires authentication" ]; then | |
exit 0 | |
fi | |
existing_tags="$( | |
printf %s "${response}" \ | |
| jq -r '.tags[]|select(.end_ts == null or .end_ts >= now)|.name' | |
)" \ | |
|| { | |
printf %s\\n \ | |
'Could not get list of image tags.' \ | |
'Does the repository exist on Quay.io?' \ | |
'Quay.io REST API response was:' \ | |
"${response}" | |
exit 1 | |
} | |
for tag in ${{ steps.build.outputs.tags }} ; do | |
case "${tag}" in | |
latest | '${{ env.MAJOR_VERSION }}' ) ;; | |
* ) | |
if printf %s "${existing_tags}" | grep -qxF "${tag}" ; then | |
printf 'Tag %s already exists!\n' "${tag}" | |
exit 1 | |
fi | |
esac | |
done | |
- if: ${{ github.ref == 'refs/heads/test-push' }} | |
name: Push | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ steps.build.outputs.image_name }} | |
tags: ${{ steps.build.outputs.tags }} | |
registry: quay.io/bioconda | |
username: ${{ secrets.QUAY_BIOCONDA_USERNAME }} | |
password: ${{ secrets.QUAY_BIOCONDA_TOKEN }} | |
- if: ${{ github.ref == 'refs/heads/test-push' }} | |
name: Test Pushed | |
run: | | |
image_name='${{ steps.build.outputs.image_name }}' | |
image_dir='${{ steps.build.outputs.image_dir }}' | |
ids="$( | |
for tag in ${{ steps.build.outputs.tags }} ; do | |
buildah manifest inspect "${image_name}:${tag}" \ | |
| jq -r '.manifests[]|.digest' \ | |
| while read id ; do | |
buildah images --format '{{.ID}}{{.Digest}}' \ | |
| sed -n "s/${id}//p" | |
done | |
done | |
)" | |
ids="$( printf %s "${ids}" | sort -u )" | |
for id in ${ids} ; do | |
podman history "${id}" | |
buildah bud \ | |
--build-arg=base="${id}" \ | |
--file=Dockerfile.test \ | |
"${image_dir}" | |
done | |
buildah rmi --prune || true |